Re: [exim] 👍👍👍👎 Re: RFC 8301: Cryptographic Algorithm and K…

Top Page

Reply to this message
Author: Torsten Tributh
Date:  
To: exim-users
Old-Topics: Re: [exim] RFC 8301: Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)
Subject: Re: [exim] 👍👍👍👎 Re: RFC 8301: Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)
Filed bug:
https://bugs.exim.org/show_bug.cgi?id=2236
Torsten


On 2/8/18 10:27 AM, Jeremy Harris wrote:
> On 08/02/18 07:03, Torsten Tributh via Exim-users wrote:
>> Postmasters might be interested in the newly issued RFC:
>>
>>   https://www.rfc-editor.org/rfc/rfc8301.txt
>>
>> To start following this RFC with
>> Section 3.1.  Signing and Verification Algorithms
>>
>>
>> I started using the sample from:
>>
>> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-support_for_dkim_domainkeys_identified_mail.html
>>
>>
>> In my config now:
>>
>> dmarc_history_file              = /somewhere/dmarc_history.txt
>>
>>   warn    condition =    ${if eq {$dkim_algo}{rsa-sha1}}
>>     condition =    ${if eq {$dkim_verify_status}{pass}}
>>     logwrite =    NOTE: forcing dkim verify fail (was pass)
>>     set dkim_verify_status = fail
>>     set dkim_verify_reason = hash too weak
>>
>> I guessed that after changing the dkim_verify_status the DMARC status
>> will also change and that later in the dmarc_history_file
>> will be some DKIM failed informations.
>
> I assume you've observed a sample resulting in that log line?
>
>> I would like to use the change of DKIM to fail and inform postmasters
>> about that with the generated DMARC reports, but i can't find any fail
>> in there.
>
> I've not tried running the (experimental) DMARC code. Nobody ever cared
> enough to create testcases in the testsuite, either...
>
> If you can put together an example that fails, it would be helpful to
> open a bug with it. At least it'll be documented then.
>


--
Torsten